Key Regulatory Updates
- Operational Resilience
Acting Comptroller of the Currency, Michael J. Hsu, on March 14, 2024, addressed the Institute of International Bankers at their annual conference in Washington, DC on the topic of operational resilience[1]. Operating risks and the ability to recover from unexpected external events or internal control deficiencies continue to increase and get more complex. As stated by the Acting Comptroller, “As banking services continue to grow and as technology and third parties play a greater role in the provision of those services, the threat surface for disruptions is expanding.”
Regulatory agencies expect ongoing attention to strengthening risk management and operational recovery capabilities. In summary and quoting from the speech, “Ensuring that critical operations and banking services can withstand or recover from disruptive events requires good planning, prudent investment, well-designed systems, and regular testing.”
RGS Perspective – RGS believes that many community banks and foreign branches have strengthened their controls and risk management practices with respect to operational risks. However, banks should expect greater emphasis from regulators in upcoming examinations on operational matters including for the following areas:
- Incident response plans
- Identification and risk rating of critical systems
- Risk determinations of third-party service providers and related risk management
- Technology and data security risk assessments, and
- Data recovery and back up plans, and associated testing.
Operational complexities will vary by institution and so will the risk management process. However, it is important to keep these plans updated and to ensure that third parties being depended upon for technology and other support have the same rigor to combat disruptions in their systems and processes.
- Residential Lending Valuation Discrimination and Bias
On February 12, 2024, the FFIEC issued “Statement on Examination Procedures Related to Valuation Discrimination and Bias in Residential Lending”[2] which highlights the need to have internal controls to identify and monitor valuation discrimination or bias that could negatively impact credit decisions, and which could expose an institution to legal and compliance risks related to potential ECOA violations or other consumer regulatory violations.
RGS Perspective – RGS notes that examination procedures are being adapted for both consumer compliance and safety and soundness examinations to focus on the controls and practices that institutions have within their credit functions related to identifying, monitoring, and controlling the risk of valuation discrimination or bias occurring in their residential lending origination process. Areas that need to be reviewed to ensure that appropriate controls are in place to manage this risk include, appraisal selection and independent review processes, depth of policies and procedures, activities designed to monitor valuations with metrics to track trends and outliers, training programs and the quality of credit review functions.
- CFPB Actions and Rules regarding False Claims and Excessive Fees
- On January 17, 2024, the Consumer Financial Protection Bureau (CFPB) proposed new rule to close bank overdraft loophole that leads to billions of dollars being charged as junk fees nation’s biggest financial institutions[3].
- On January 24, 2024, the CFPB proposed a rule to prohibit covered financial institutions from charging nonsufficient funds (NSF) fees on payment transactions that are instantaneously declined because such fees would constitute an abusive practice[4].
- On March 27, 2024, the CFPB issued a new circular[5] warning institutions providing international money transfers that false advertising about the cost or speed of remittances can violate the Consumer Financial Protection Act’s prohibition concerning deceptive acts or practices. The CFPB noted that certain companies that provide remittance services are charging junk fees on international money transfers and making false claims about the speed of transfers.
RGS Perspective – RGS notes the increasing focus of CFPB on excessive fees or instances of providing misleading information to consumers by banks and/or others. Proposed rules indicate CFPB’s commitment to curb these activities.
Enforcement Actions Updates
Enforcement actions, while being specific to the institution, provide insights into likely deficiencies and the severity at which it may be viewed by the regulators. There were many enforcement actions during the 1st quarter of 2024 for risk management matters, and these included the following:
- City National Bank of Los Angeles – The Office of the Comptroller of the Currency (“OCC”) issued a Cease-and-Desist Order and assessed a $65 Million penalty on the Bank[6]. In summary the OCC determined that the Bank engaged in unsafe and unsound banking practices because of systemic deficiencies in risk management and the internal control structure. This breakdown in controls and lack of risk management oversight resulted in deficiencies throughout the Bank including operational, compliance, investment management and strategic planning.
- First National Bank of St. Ignace in Michigan – The OCC issued a Formal Agreement related to inadequate capital planning, capital stress testing and overall strategic planning matters at this Bank[7].
- Piermont Bank, New York – The Federal Deposit Insurance Corporation (“FDIC”) issued a Consent Order related to inadequate Third-Party Risk Management Program and other control matters at the Bank[8].
- Lineage Bank, Franklin, Tennessee – The Federal Deposit Insurance Corporation (“FDIC”) issued a Consent Order related to an inadequate Third-Party Risk Management Program related to FinTech partners at the Bank[9].
There were many other enforcement actions and monetary penalties, including for Bank Secrecy Act Program (“BSA”) compliance matters. These included Piermont Bank[10], First Farmers &Commercial Bank[11], City National Bank[12], etc.
RGS Perspective – RGS notes the ongoing escalation of attention to risk management, strategic and capital planning and the oversight and management of third -party vendor risk and encourages Banks to continually assess the status and effectiveness of their risk management practices. BSA and AML risks are a well-known regulatory focus area for decades now and yet there are Banks that come under severe regulatory actions for deficiencies in this area. RGS recommends that Banks should not get complacent about their BSA/AML programs even if they have been rated satisfactory in recent examinations or independent audits, as they should keep in mind that regulators perform a risk focused audit and therefore not every aspect of the function/regulation may have been reviewed in depth during recent examination.
Miscellaneous Updates
- Basel III Endgame – In July 2023, the US Bank Regulators published for comment changes to bank capital rules intended to align with Basel III standards[13]. The proposed rules impact Banks in the US with assets exceeding $100 Billion. A substantial portion of the proposed capital increases target banks’ operational risks. In theory the higher overall business volumes would correlate with higher operational risk capital requirements. Mortgages is another area where banks would have to set aside more capital based on risk –originating higher LTV loans would translate into higher capital requirements. The comment period for these proposed rules was extended into January 2024 and at a March 2024 hearing there was Congressional criticism of the proposal. The outcome is yet to be determined and when the rules become final changes are likely to be phased in over several years.
RGS Perspective – RGS notes that community banks with less than $100 Billion in total assets will not be impacted by the higher capital requirements although there is expected to be an increased focus on operational controls and risk management at all Banks. The positive aspect for smaller community banks is that the mortgage business, which is often the cornerstone of community bank lending, will have a competitive advantage since they will not have to deal with the increased mortgage lending capital requirements.
- Audit Committees’ Concerns – recently Deloitte published the third edition of “Audit Committee Practices Report”: Common Threads Across Audit Committee’s”[14]. The findings in the report were derived from a survey of 266 audit committee members, the majority of which were from U.S. public companies. The top three audit priorities identified in survey were not that surprising, the top two being concerns about cybersecurity and enterprise risk management matters. The third top priority included three issues related to finance and internal audit talent, regulatory compliance, and finance transformation.
RGS Perspective – RGS notes that these results concerning top of mind matters for audit committees align with its experiences at the banks and are also reflected in the concerns and guidance issued by the regulatory agencies.
RGS in the Marketplace
RGS provides specialized internal audit, advisory and compliance consultancy to community and foreign banks. Staying close to industry trends and regulatory expectations, RGS is dedicated to helping its clients navigate the challenges presented by today’s fast-changing operational and business environment and efficiently manage their risks. For further guidance or assistance contact us at: info@RGSGlobalAdvisors.com
______________________________
[1] https://www.occ.gov/news-issuances/news-releases/2024/nr-occ-2024-23.html
[2] https://www.ffiec.gov/press/pr021224.htm
[3] https://www.consumerfinance.gov/about-us/newsroom/cfpb-proposes-rule-to-close-bank-overdraft-loophole-that-costs-americans-billions-each-year-in-junk-fees/
[4] https://www.consumerfinance.gov/rules-policy/rules-under-development/nonsufficient-funds-nsf-fees/
[5]https://www.consumerfinance.gov/about-us/newsroom/cfpb-takes-action-to-halt-false-claims-of-free-international-money-transfers/
[6] https://www.occ.gov/news-issuances/news-releases/2024/nr-occ-2024-8.html
[7] https://occ.gov/static/enforcement-actions/eaAA-CE-2024-01.pdf
[8] https://orders.fdic.gov/s/press-release-orders?prYear=2024&prDate=29&prMonth=3
[9] https://orders.fdic.gov/s/press-release-orders?prYear=2024&prDate=23&prMonth=2
[10] https://orders.fdic.gov/s/press-release-orders?prYear=2024&prDate=29&prMonth=3
[11] https://orders.fdic.gov/s/press-release-orders?prYear=2024&prDate=23&prMonth=2
[12] https://www.occ.gov/news-issuances/news-releases/2024/nr-occ-2024-15.html
[13] https://www.federalreserve.gov/newsevents/pressreleases/bcreg20230727a.htm
[14] https://www2.deloitte.com/us/en/pages/center-for-board-effectiveness/articles/audit-committee-report.html